Senior Legal Counsel - Privacy

🔒 Confidential Employer
Posted 24 April 2026
LOCATION
London
TYPE
Full-time
LEVEL
Mid-Senior level
CATEGORY
Legal
This employer holds a UK Home Office sponsor license — sponsorship for this specific role is at the employer’s discretion

SKILLS

GDPR Data Protection Privacy Law COPPA Ad Tech SDK integrations Regulatory Compliance Legal Compliance

FULL DESCRIPTION

[Employer hidden — view at passion-project.co.uk] operates games that are played by hundreds of millions of people around the world and the legal team's work reflects that scale and complexity. Privacy in mobile gaming has moved from a compliance checkbox to a strategic discipline: GDPR enforcement is intensifying, the 2025 COPPA Rule amendments take full effect in April 2026, the UK Children's Code is being actively enforced, and data flows in ad-supported F2P games are under scrutiny from regulators on multiple continents simultaneously. We need a Senior Legal Counsel - Privacy who combines genuine legal depth in data protection and children's privacy with the practical instincts to operate inside a complex, fast-moving product environment. Reporting to the Group General Counsel and working closely with the Senior Legal Counsel- Product and Regulatory, this role is the privacy anchor for [Employer hidden], globally advising on the full spectrum of data protection obligations and embedding privacy-by-design into how we build and operate games.

Privacy Advisory & Compliance

- Lead legal compliance for the full range of gaming-specific privacy obligations, advising product, engineering, commercial, and marketing teams on data protection obligations across all major operating jurisdictions - Advise on the data protection implications of in-game advertising and ad tech, including programmatic advertising, third-party SDK integrations, behavioural profiling, and contextual targeting - particularly where these intersect with mixed-audience titles - Conduct and oversee data protection impact assessments (DPIAs) for new products, features, and data processing activities - Draft and maintain privacy notices, consent flows, parental consent mechanisms, and internal data processing records across the portfolio - Support and manage responses to data subject rights requests, regulatory enquiries, and supervisory authority correspondence - Lead on data breach preparedness, investigation, and notification obligations across multiple jurisdictions - Review and advise on third-party SDK integrations (analytics, attribution, ad mediation, social features) with a focus on data minimisation, purpose limitation, and contractual protections

Governance & Cross-Functional Work

- Develop training materials and practical guidance for product, commercial, and marketing teams on privacy obligations in gaming - Monitor regulatory developments and enforcement trends - particularly FTC, ICO, and EU DPA actions in the gaming space and ensure the business has timely visibility of emerging obligations - Maintain [Employer hidden]'s Records of Processing Activities (RoPAs) and vendor data processing agreements, including DPAs with key partners - Manage external privacy counsel and, where relevant, engage with trade associations and regulatory consultations on gaming-sector privacy policy

What We're Looking For

- Approx 5–8 years PQE with substantive in-house or specialist private practice experience in data protection and privacy law - Solid working knowledge of GDPR (including the children's consent regime), UK GDPR, and the ICO's Children's Code - you understand how these apply to ad-funded, live-service digital products - Working knowledge of COPPA, including the 2025 Rule amendments and their implications for gaming companies operating mixed-audience titles - Understanding of the ad tech ecosystem and the data flows in F2P mobile games - you can review an SDK integration and identify the privacy risks without needing things explained from scratch - Comfortable operating across multiple jurisdictions simultaneously and advising on global data protection frameworks - Qualified solicitor in England & Wales (or equivalent)

Nice to Have

- In-house experience in mobile gaming, consumer apps, or ad-supported digital media - CIPP/E or equivalent privacy qualification desirable but not required - Direct experience with regulatory engagement or supervisory authority correspondence

The Qualities That Matter Most

- Technically rigorous: You know the law deeply enough to push back on product decisions that create real exposure, and to identify the risks that others miss - Practically minded: You distinguish between theoretical risk and genuine compliance exposure, and you give clear answers rather than deferring everything to outside counsel - Collaborative: Privacy work in gaming requires trust with product and engineering teams - you build that by being useful, not obstructive - Proactive: You track enforcement trends and regulatory developments and translate them into timely, business-relevant guidance - Clear communicator: You can explain complex data protection obligations to non-lawyers - Low ego, high impact: You care about outcomes, not credit

Sign up free — access 45,000+ UK sponsor-licensed jobs